I'm currently experimenting with HybridAuth for my signup/log in system. After a user has authenticated successfully, I store the user id in the session: $_SESSION['user'] = $user_id. I also store all the other data that HybridAuth can give me about a user in a database for later use.
Then when I need to check whether the user is logged in, I can run the following:
if(isset($_SESSION['user_id']))
And then maybe something like the following to ensure that the logged in user can perform an action (e.g. delete comment):
if ( $_SESSION['user_id'] == $comment_user ) {
    // User owns the comment, go ahead and delete it.
    ...
}
$_SESSION data generated by HybridAuth?

Using $_SESSION that way is OK, but what happens when the $_SESSION expires? Do you reauthorize?
We store the HybridAuth authorization info in a MySQL database and use it later to access the Social Media Profile, post to the timeline and such.
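
An added example, not code from the thread or from HybridAuth: the login check and ownership check discussed above, with the session expiry case handled and a strict comparison, because a loose `==` treats an unset session value (null) as equal to a comment owner id of 0. The function names, the 30-minute idle limit and integer user ids are assumptions.

```php
<?php
// Hypothetical helpers (added example, not part of HybridAuth).
const IDLE_LIMIT = 1800; // assumed idle timeout, in seconds

// Call once, right after HybridAuth reports a successful authentication
// and the local user id has been looked up or created.
function login_user(array &$session, int $userId, int $now): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true); // fresh session id after login
    }
    $session['user_id'] = $userId;
    $session['last_seen'] = $now;
}

// Returns the logged-in user id, or null when there is no login
// or the session has been idle longer than IDLE_LIMIT.
function current_user_id(array &$session, int $now): ?int
{
    if (!isset($session['user_id'], $session['last_seen'])) {
        return null;
    }
    if ($now - $session['last_seen'] > IDLE_LIMIT) {
        $session = []; // expired: caller sends the user through HybridAuth again
        return null;
    }
    $session['last_seen'] = $now;
    return (int) $session['user_id'];
}

// Ownership check: both sides must be valid integers and identical.
function can_delete_comment(array &$session, $commentUserId, int $now): bool
{
    $uid = current_user_id($session, $now);
    $owner = filter_var($commentUserId, FILTER_VALIDATE_INT);
    return $uid !== null && $owner !== false && $uid === $owner;
}

// Constructed demo; in a real request pass $_SESSION and time().
$session = [];
var_dump(can_delete_comment($session, 0, 1000));      // not logged in, owner id 0
login_user($session, 42, 1000);
var_dump(can_delete_comment($session, '42', 1100));   // owner, id read from the DB as a string
var_dump(can_delete_comment($session, 7, 1200));      // someone else's comment
var_dump(can_delete_comment($session, '42', 1200 + IDLE_LIMIT + 1)); // idle too long
```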